netfilter: flowtable: fixup UDP timeout depending on ct state

Currently flow_offload_fixup_ct() function assumes that only replied UDP
connections can be offloaded and hardcodes UDP_CT_REPLIED timeout value. To
enable UDP NEW connection offload in following patches extract the actual
connections state from ct->status and set the timeout according to it.

Signed-off-by: Vlad Buslov <vladbu@nvidia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/netfilter/nf_flow_table_core.c b/net/netfilter/nf_flow_table_core.c
index 81c26a96c30bb68203e88cb3db674335d725fe16..04bd0ed4d2ae70b5721eb707673861de4351d9a4 100644 (file)
--- a/net/netfilter/nf_flow_table_core.c
+++ b/net/netfilter/nf_flow_table_core.c
@@ -193,8 +193,11 @@ static void flow_offload_fixup_ct(struct nf_conn *ct)
                timeout -= tn->offload_timeout;
        } else if (l4num == IPPROTO_UDP) {
                struct nf_udp_net *tn = nf_udp_pernet(net);
+               enum udp_conntrack state =
+                       test_bit(IPS_SEEN_REPLY_BIT, &ct->status) ?
+                       UDP_CT_REPLIED : UDP_CT_UNREPLIED;
 
-               timeout = tn->timeouts[UDP_CT_REPLIED];
+               timeout = tn->timeouts[state];
                timeout -= tn->offload_timeout;
        } else {
                return;